Ericsson WCDMA/HSDPA User Manual
Configuration and Management
2.8.2
Application Level Gateways
From a security perspective, certain Internet applications, for example FTP
applications that open additional ports upon transfer, are especially
problematic to handle. An Application Level Gateway (ALG) provides a
translation and transportation service for such a specific application.
Incoming data packets are checked against existing NAT and packet
filtering rules, IP addresses are evaluated and a detailed packet analysis is
performed. If necessary, the contents of a packet are modified and if a
secondary port is required, the ALG will open one. The Ericsson W20
includes ALG support for the following applications:
applications that open additional ports upon transfer, are especially
problematic to handle. An Application Level Gateway (ALG) provides a
translation and transportation service for such a specific application.
Incoming data packets are checked against existing NAT and packet
filtering rules, IP addresses are evaluated and a detailed packet analysis is
performed. If necessary, the contents of a packet are modified and if a
secondary port is required, the ALG will open one. The Ericsson W20
includes ALG support for the following applications:
Application Protocol
Port
number
number
File Transfer Protocol (FTP)
TCP
21
Trivial File Transfer Protocol (TFTP)
UDP
69
The ALG for each application does not require additional configuration. The
supported ALGs can be enabled and disabled individually. To disable an
ALG, clear the corresponding check box on the NAT page and click
Apply
.
2.8.3 Port
Forwarding
Port forwarding is used to allow incoming access to a specific local network
device, for example an internal web server.
device, for example an internal web server.
Note: Port forwarding requires a public IP address of the Ericsson W20.
The Ericsson W20 IP address is displayed on the Internet page. If
the IP address begins with 10, 172, or 192, it is probably private.
In this case, no incoming access from the Internet is allowed. For
more information on public and private IP addresses, contact your
service provider.
the IP address begins with 10, 172, or 192, it is probably private.
In this case, no incoming access from the Internet is allowed. For
more information on public and private IP addresses, contact your
service provider.
Adding an Instance
To add a new port forwarding instance, click Add instance in the Port
Forwarding section on the NAT page. The Add Port Forwarding page is
displayed:
Forwarding section on the NAT page. The Add Port Forwarding page is
displayed:
32
1/1551-CRH 102 167 PA15 2006-08-16